In step 7 ("Encrypting RSA private key of CA with a pass phrase for security [ca.key]")and step 8 ("Encrypting RSA private key of SERVER with a pass phrase for security [server.key]") of the certificate creation process you are asked if you want to encrypt the respective key now. Choose n there because otherwise you will always be asked for a password whenever you want to restart the ISPConfig system which means it cannot be restarted without human interaction!